Application Data Protection is a policy feature that enables you to define and protect data for a given application. Application data protection is provided for application file, registry, and process data.
The two levels of security for protecting application data are as follows:
Read-only data that can be read by other applications, but not modified.
No-access data that cannot be written to or read by other applications.
The two ways to override application data protection from a given sandbox are as follows:
You can choose to disable the application data protection feature for a given sandbox.
Click General settings -> Protection Categories ->Obey All Other Application Data Restrictions to control whether a given sandbox contains the application data restrictions that are defined for other applications in the policy.
You can choose to override the application data protection restrictions in a given sandbox using the sandbox File/Registry/Process Access Control Resource List rules.
The 6.0 policy contains policy options for defining the application data to protect, and policy options for disabling application data restrictions for a given sandbox. These policy options are available only in the Policy Editor Advanced view.
Defining application data protection
To define the data for protecting a given application, click General Settings -> Application Data Protection and configure the file, registry, and process data to protect a given application.
Enabling or disabling application data protection
Click General Settings -> Protection Categories to enable or disable application data restrictions for that sandbox.
Overriding application data protection restrictions
To override application data restrictions, you must enter the application resource in the File, Registry, or Process Access Control resource list of the sandbox that contains the process and allow access to the application data.
Imported Document ID: HOWTO95346
Subscribing will provide email updates when this Article is updated. Login is required.